21 - FTP

Banner Grabbing

Telnet

telnet 10.0.0.3 21

Netcat

nc -n 10.0.0.3 21

NSE Script

nmap -sV -script banner -p21 -Pn 10.0.0.3

FTP

ftp 10.0.0.3

FTP Exploitation

Note: During the port scanning phase Nmap’s script scan (-sC), can be enabled to check for FTP Bounce and Anonymous Login.

Try anonymous login using anonymous:anonymous credentials.

ftp 10.0.0.3
…
Name (10.0.0.3:kali): anonymous
331 Please specify the password.
Password: [anonymous]
230 Login successful.

List all files in order.

ftp> ls -lat
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
…
226 Directory send OK.

FTP Browser Client

Due to its insecure nature, FTP support is being dropped by Firefox and Google Chrome.

Try accessing ftp://user:[email protected] from your browser. If not credentials provided anonymous:anonymous is assumed.

Brute Forcing

Se Brute Forcing SSH

SecLists includes a handy list of FTP default credentials.

Configuration files

It is important to examine these config files:

ftpusers
ftp.conf
proftpd.conf

Other

Binary and ASCII

Binary and ASCII files have to be uploading using the binary or ascii mode respectively, otherwise, the file will become corrupted. Use the corresponding command to switch between modes.

Download all files from FTP

wget -m ftp://anonymous:[email protected] #Donwload all
wget -m --no-passive ftp://anonymous:[email protected] #Download all

PreviousServices Exploitation Next25, 465, 587 - SMTP

Last updated 2 years ago

hashtagBanner Grabbing

hashtagTelnet

hashtagNetcat

hashtagNSE Script

hashtagFTP

hashtagFTP Exploitation

hashtagAnonymous Login

hashtagFTP Browser Client

hashtagBrute Forcing

hashtagConfiguration files

hashtagOther

hashtagBinary and ASCII

hashtagDownload all files from FTP